====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security and bug fix update
Advisory ID:       RHSA-2020:4062-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:4062
Issue date:        2020-09-29
CVE Names:         CVE-2017-18551 CVE-2018-20836 CVE-2019-9454 
                   CVE-2019-9458 CVE-2019-15217 CVE-2019-15807 
                   CVE-2019-15917 CVE-2019-16231 CVE-2019-16233 
                   CVE-2019-16994 CVE-2019-17053 CVE-2019-17055 
                   CVE-2019-18808 CVE-2019-19046 CVE-2019-19055 
                   CVE-2019-19058 CVE-2019-19059 CVE-2019-19062 
                   CVE-2019-19063 CVE-2019-19332 CVE-2019-19447 
                   CVE-2019-19523 CVE-2019-19524 CVE-2019-19530 
                   CVE-2019-19534 CVE-2019-19537 CVE-2019-19767 
                   CVE-2019-19807 CVE-2019-20054 CVE-2019-20095 
                   CVE-2019-20636 CVE-2020-1749 CVE-2020-2732 
                   CVE-2020-8647 CVE-2020-8649 CVE-2020-9383 
                   CVE-2020-10690 CVE-2020-10732 CVE-2020-10742 
                   CVE-2020-10751 CVE-2020-10942 CVE-2020-11565 
                   CVE-2020-12770 CVE-2020-12826 CVE-2020-14305 
====================================================================
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: use-after-free in sound/core/timer.c (CVE-2019-19807)

* kernel: out of bounds write in function i2c_smbus_xfer_emulated in
drivers/i2c/i2c-core-smbus.c (CVE-2017-18551)

* kernel: race condition in smp_task_timedout() and smp_task_done() in
drivers/scsi/libsas/sas_expander.c leads to use-after-free (CVE-2018-20836)

* kernel: out of bounds write in i2c driver leads to local escalation of
privilege (CVE-2019-9454)

* kernel: use after free due to race condition in the video driver leads to
local privilege escalation (CVE-2019-9458)

Space precludes documenting all of the security fixes in this advisory. See
the descriptions of the remaining security fixes in the related Knowledge
Article:

https://access.redhat.com/articles/5442481

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.9 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1427551 - mm/swap: Convert to percpu locked
1707796 - CVE-2018-20836 kernel: race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c leads to use-after-free
1745528 - CVE-2019-15217 kernel: null pointer dereference in drivers/media/usb/zr364xx/zr364xx.c driver
1747216 - CVE-2019-15807 kernel: Memory leak in drivers/scsi/libsas/sas_expander.c
1757368 - CVE-2017-18551 kernel: out of bounds write in function i2c_smbus_xfer_emulated in drivers/i2c/i2c-core-smbus.c
1758242 - CVE-2019-17053 kernel: unprivileged users able to create RAW sockets in AF_IEEE802154 network protocol
1758248 - CVE-2019-17055 kernel: unprivileged users able to create RAW sockets in AF_ISDN network protocol
1759681 - CVE-2019-16994 kernel: Memory leak in sit_init_net() in net/ipv6/sit.c
1760100 - CVE-2019-15917 kernel: use-after-free in drivers/bluetooth/hci_ldisc.c
1760310 - CVE-2019-16231 kernel: null-pointer dereference in drivers/net/fjes/fjes_main.c
1760420 - CVE-2019-16233 kernel: null pointer dereference in drivers/scsi/qla2xxx/qla_os.c
1774988 - CVE-2019-19046 kernel: Denial Of Service in the __ipmi_bmc_register() function in drivers/char/ipmi/ipmi_msghandler.c
1775015 - CVE-2019-19063 kernel: Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c allow for a DoS
1775021 - CVE-2019-19062 kernel: memory leak in the crypto_report() function in crypto/crypto_user_base.c allows for DoS
1775042 - CVE-2019-19059 kernel: Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c allows for a DoS
1775047 - CVE-2019-19058 kernel: A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c allows for a DoS
1775074 - CVE-2019-19055 kernel: memory leak in the nl80211_get_ftm_responder_stats() function in net/wireless/nl80211.c allows DoS
1777418 - CVE-2019-18808 kernel: memory leak in ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c
1779594 - CVE-2019-19332 Kernel: kvm: OOB memory write via kvm_dev_ioctl_get_cpuid
1781679 - CVE-2019-19447 kernel: mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c
1783434 - CVE-2019-19523 kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver
1783459 - CVE-2019-19524 kernel: a malicious USB device in the drivers/input/ff-memless.c leads to use-after-free
1783518 - CVE-2019-19530 kernel: use-after-free caused by a malicious USB device in the drivers/usb/class/cdc-acm.c driver
1783540 - CVE-2019-19534 kernel: information leak bug caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_core.c driver
1783561 - CVE-2019-19537 kernel: race condition caused by a malicious USB device in the USB character device driver layer
1786078 - CVE-2019-19807 kernel: use-after-free in sound/core/timer.c
1786160 - CVE-2019-19767 kernel: use-after-free in __ext4_expand_extra_isize and ext4_xattr_set_entry related to fs/ext4/inode.c and fs/ext4/super.c
1788009 - Request nx_huge_pages=N as default value to avoid kvm-rt guest large latency spike
1790063 - CVE-2019-20054 kernel: Null pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c
1791954 - CVE-2019-20095 kernel: memory leak in mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c
1802555 - CVE-2020-8649 kernel: invalid read location in vgacon_invert_region function in drivers/video/console/vgacon.c
1802563 - CVE-2020-8647 kernel: out-of-bounds read in vc_do_resize function in drivers/tty/vt/vt.c
1805135 - CVE-2020-2732 Kernel: kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources
1809833 - CVE-2020-1749 kernel: some ipv6 protocols not encrypted over ipsec tunnel
1810685 - CVE-2020-9383 kernel: out-of-bounds read in set_fdc in drivers/block/floppy.c
1817141 - CVE-2020-10690 kernel: use-after-free in cdev_put() when a PTP device is removed while its chardev is open
1817718 - CVE-2020-10942 kernel: vhost-net: stack overflow in get_raw_socket while checking sk_family field
1818818 - CVE-2019-9454 kernel: out of bounds write in i2c driver leads to local escalation of privilege
1819377 - CVE-2019-9458 kernel: use after free due to race condition in the video driver leads to local privilege escalation
1822077 - CVE-2020-12826 kernel: possible to send arbitrary signals to a privileged (suidroot) parent process
1824059 - CVE-2019-20636 kernel: out-of-bounds write via crafted keycode table
1824918 - CVE-2020-11565 kernel: out-of-bounds write in mpol_parse_str function in mm/mempolicy.c
1831399 - CVE-2020-10732 kernel: uninitialized kernel data leak in userspace coredumps
1834845 - CVE-2020-12770 kernel: sg_write function lacks an sg_remove_request call in a certain failure case
1835127 - CVE-2020-10742 kernel: NFS client crash due to index buffer overflow during Direct IO write causing kernel panic
1839634 - CVE-2020-10751 kernel: SELinux netlink permission check bypass
1850716 - CVE-2020-14305 kernel: memory corruption in Voice over IP nf_conntrack_h323 module

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-1160.rt56.1131.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1160.rt56.1131.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 7):

Source:
kernel-rt-3.10.0-1160.rt56.1131.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-1160.rt56.1131.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-devel-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-1160.rt56.1131.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-1160.rt56.1131.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-18551
https://access.redhat.com/security/cve/CVE-2018-20836
https://access.redhat.com/security/cve/CVE-2019-9454
https://access.redhat.com/security/cve/CVE-2019-9458
https://access.redhat.com/security/cve/CVE-2019-15217
https://access.redhat.com/security/cve/CVE-2019-15807
https://access.redhat.com/security/cve/CVE-2019-15917
https://access.redhat.com/security/cve/CVE-2019-16231
https://access.redhat.com/security/cve/CVE-2019-16233
https://access.redhat.com/security/cve/CVE-2019-16994
https://access.redhat.com/security/cve/CVE-2019-17053
https://access.redhat.com/security/cve/CVE-2019-17055
https://access.redhat.com/security/cve/CVE-2019-18808
https://access.redhat.com/security/cve/CVE-2019-19046
https://access.redhat.com/security/cve/CVE-2019-19055
https://access.redhat.com/security/cve/CVE-2019-19058
https://access.redhat.com/security/cve/CVE-2019-19059
https://access.redhat.com/security/cve/CVE-2019-19062
https://access.redhat.com/security/cve/CVE-2019-19063
https://access.redhat.com/security/cve/CVE-2019-19332
https://access.redhat.com/security/cve/CVE-2019-19447
https://access.redhat.com/security/cve/CVE-2019-19523
https://access.redhat.com/security/cve/CVE-2019-19524
https://access.redhat.com/security/cve/CVE-2019-19530
https://access.redhat.com/security/cve/CVE-2019-19534
https://access.redhat.com/security/cve/CVE-2019-19537
https://access.redhat.com/security/cve/CVE-2019-19767
https://access.redhat.com/security/cve/CVE-2019-19807
https://access.redhat.com/security/cve/CVE-2019-20054
https://access.redhat.com/security/cve/CVE-2019-20095
https://access.redhat.com/security/cve/CVE-2019-20636
https://access.redhat.com/security/cve/CVE-2020-1749
https://access.redhat.com/security/cve/CVE-2020-2732
https://access.redhat.com/security/cve/CVE-2020-8647
https://access.redhat.com/security/cve/CVE-2020-8649
https://access.redhat.com/security/cve/CVE-2020-9383
https://access.redhat.com/security/cve/CVE-2020-10690
https://access.redhat.com/security/cve/CVE-2020-10732
https://access.redhat.com/security/cve/CVE-2020-10742
https://access.redhat.com/security/cve/CVE-2020-10751
https://access.redhat.com/security/cve/CVE-2020-10942
https://access.redhat.com/security/cve/CVE-2020-11565
https://access.redhat.com/security/cve/CVE-2020-12770
https://access.redhat.com/security/cve/CVE-2020-12826
https://access.redhat.com/security/cve/CVE-2020-14305
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index
https://access.redhat.com/articles/5442481

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
